WC_WCCOM_Site::get_authorization_header()protected staticWC 3.7.0

Get the authorization header.

On certain systems and configurations, the Authorization header will be stripped out by the server or PHP. Typically this is then used to generate PHP_AUTH_USER/PHP_AUTH_PASS but not passed on. We use getallheaders here to try and grab it out instead.

Method of the class: WC_WCCOM_Site{}

No Hooks.

Return

String. Authorization header if set.

Usage

$result = WC_WCCOM_Site::get_authorization_header();

Changelog

Since 3.7.0 Introduced.

WC_WCCOM_Site::get_authorization_header() code WC 9.4.2

protected static function get_authorization_header() {
	if ( ! empty( $_SERVER['HTTP_AUTHORIZATION'] ) ) {
		return wp_unslash( $_SERVER['HTTP_AUTHORIZATION'] ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
	}

	if ( function_exists( 'getallheaders' ) ) {
		$headers = getallheaders();
		// Check for the authoization header case-insensitively.
		foreach ( $headers as $key => $value ) {
			if ( 'authorization' === strtolower( $key ) ) {
				return $value;
			}
		}
	}

	return '';
}